changeset 1926:55a7328fafb6

jp (blog/edit): do not remove files if they are not in the temporary dir hierarchy
author Goffi <goffi@goffi.org>
date Fri, 25 Mar 2016 11:45:57 +0100
parents 53b51866747f
children 03f780b60d5d
files frontends/src/jp/cmd_blog.py
diffstat 1 files changed, 6 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/frontends/src/jp/cmd_blog.py	Thu Mar 24 18:38:04 2016 +0100
+++ b/frontends/src/jp/cmd_blog.py	Fri Mar 25 11:45:57 2016 +0100
@@ -116,6 +116,9 @@
         """
         if not os.path.isfile(path):
             raise OSError(u"path must link to a regular file")
+        if not path.startswith(self.getTmpDir(sat_conf)):
+            self.disp(u"File {} is not in blog temporary hierarchy, we do not remove it".format(path.decode('utf-8')), 2)
+            return
         backup_dir = self.getTmpDir(sat_conf, SECURE_UNLINK_DIR)
         if not os.path.exists(backup_dir):
             os.makedirs(backup_dir)
@@ -311,6 +314,9 @@
 
             if len(content) == 0:
                 self.disp(u"Content is empty, cancelling the blog edition")
+                if not content_file_path.startswith(self.getTmpDir(sat_conf)):
+                    self.disp(u"File are not in blog temporary hierarchy, we do not remove it", 2)
+                    self.host.quit()
                 self.disp(u"Deletion of {}".format(content_file_path.decode('utf-8')), 2)
                 os.unlink(content_file_path)
                 self.disp(u"Deletion of {}".format(meta_file_path.decode('utf-8')), 2)